On March 13, 2023, at 08:56:35 AM +UTC, the decentralised finance (DeFi) loan system Euler Finance was exposed to a Flash Loan Attack. Millions of dollars in Dai (DAI), Dollar Coin (USDC), staked Ether (StETH), and wrapped Bitcoin (WBTC) were successfully stolen by the perpetrator. This was 2023’s most serious flash loan assault to date. This was not an exploit, but rather a clever use of flash loans.
The following day, on March 14, Euler took preemptive steps to reclaim funds, first by deactivating its vulnerable etoken module and donations function. It also collaborated with accounting firms to determine the underlying cause of the exploit.
According to Etherscan, the hacker issued illegal withdrawals from the Ronin bridge covering two transactions using stolen private keys. The wallet used for the transactions was linked to the Ronin network breach by the Lazarus organization, an infamous North Korean hacking organisation.
The Lazarus group has carried out several assaults over the years, with the majority of them involving disturbance, sabotage, financial theft, or spying. Within the organization, other “spin-off” organisations specialise in particular kinds of attacks and targets.
After 23 days since the Euler Finance exploits, the hacker has returned the remaining $31 million, bringing the recovery attempts to a satisfactory conclusion. On Monday, around 6:55 p.m. EST, the perpetrator returned $31 million in three transactions, consisting of 10,580 ETH ($19 million) and $12 million in DAI. This marks the conclusion of the project’s restoration efforts.
In a recent Twitter message, Euler Labs, the creator behind the impacted project, verified the successful recovery, stating: “Following successful negotiations, all of the recoverable funds taken from the Euler protocol on March 13th have now been successfully returned by the exploiter.”
The hacker proceeded to refund money at varying periods over the next few days. They refunded the largest portion of $102 million in ETH. On March 28, the intruder sent a succession of on-chain messages to their address, sharing messages with the public using the input data. The attacker apologised in these communications and vowed to return the leftover money as soon as feasible.
According to the Euler Finance team, this brings the total worth of the returned funds to more than $177 million, accounting for 90% of the anticipated recoverable funds from the breach after correcting for the 10% reward originally given by the project.
“Because the exploiter did the right thing and returned the funds, and the $1 million reward campaign launched by the Euler Foundation will no longer be accepting new information,” the protocol stated.
The return of these assets represents an uncommon case of positive resolve in the DeFi sector, where large-scale breaches are becoming more prevalent. In 2021 and 2022, over $2 billion was taken from bridges, primarily as a result of bugs and wallet assaults. The crypto community praised Euler Finance’s efforts to reclaim money and regain investor trust.